Skip to content

fix(deps-dev): bump composer/composer from 2.2.26 to 2.2.27 in /plugins/wp-graphql#3773

Merged
justlevine merged 1 commit into
mainfrom
dependabot/composer/plugins/wp-graphql/composer/composer-2.2.27
Apr 20, 2026
Merged

fix(deps-dev): bump composer/composer from 2.2.26 to 2.2.27 in /plugins/wp-graphql#3773
justlevine merged 1 commit into
mainfrom
dependabot/composer/plugins/wp-graphql/composer/composer-2.2.27

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 14, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps composer/composer from 2.2.26 to 2.2.27.

Release notes

Sourced from composer/composer's releases.

2.2.27

  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (246f807b, 246f807b, 246f807b)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (246f807b)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (21ffece62)
  • Fixed issue handling paths with = in them on Windows (#11568)

Full Changelog: composer/composer@2.2.26...2.2.27

Changelog

Sourced from composer/composer's changelog.

[2.2.27] 2026-04-14

  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (246f807b, 246f807b, 246f807b)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (246f807b)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (21ffece62)
  • Fixed issue handling paths with = in them on Windows (#11568)
Commits
  • c800ff7 Release 2.2.27
  • 24da889 Fix windows tests
  • dc9c846 Update changelog
  • b0fdacb Fix usage of insecure 3DES cipher suites when curl is disabled
  • d9ffd9c Merge commit from fork
  • 3448a8f Merge commit from fork
  • acbcada Fix fossil driver identifier validation for getFileContent
  • cc89070 Fix syntax
  • 58c91f9 Fix fossil update call when calling it with valid branch names like --dry-run...
  • de0805c Fix git/hg driver identifier validation for getChangeDate when using method p...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Apr 14, 2026
@vercel

vercel Bot commented Apr 14, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
wpgraphql-com Skipped Skipped Apr 20, 2026 2:43pm

justlevine
justlevine previously approved these changes Apr 14, 2026
View reviewed changes

@justlevine justlevine left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure why this didnt get bumped to 2.9.7, but LGTM.

Failing test is preexisting and unrelated

@dependabot dependabot Bot force-pushed the dependabot/composer/plugins/wp-graphql/composer/composer-2.2.27 branch from d70f435 to b6b9f94 Compare April 15, 2026 16:35
@codecov

codecov Bot commented Apr 15, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.6%. Comparing base (45d0e21) to head (94aabf0).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##              main   #3773   +/-   ##
=======================================
  Coverage     84.6%   84.6%           
  Complexity    4275    4275           
=======================================
  Files          221     221           
  Lines        19260   19260           
=======================================
  Hits         16285   16285           
  Misses        2975    2975
Flag Coverage Δ
wp-graphql-wpunit-twentytwentyfive-multisite 84.5% <ø> (ø)
wp-graphql-wpunit-twentytwentyfive-single 84.5% <ø> (ø)
wp-graphql-wpunit-twentytwentyone-multisite 84.5% <ø> (ø)
wp-graphql-wpunit-twentytwentyone-single 84.5% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@justlevine

justlevine commented Apr 20, 2026

Copy link
Copy Markdown
Collaborator

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Apr 20, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@justlevine

justlevine commented Apr 20, 2026

Copy link
Copy Markdown
Collaborator

@dependabot recreate

@dependabot
fix(deps-dev): bump composer/composer in /plugins/wp-graphql
d1ec924 
Bumps [composer/composer](https://github.com/composer/composer) from 2.2.26 to 2.2.27.
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/2.2.27/CHANGELOG.md)
- [Commits](composer/composer@2.2.26...2.2.27)

---
updated-dependencies:
- dependency-name: composer/composer
  dependency-version: 2.2.27
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/composer/plugins/wp-graphql/composer/composer-2.2.27 branch from 94aabf0 to d1ec924 Compare April 20, 2026 14:43
@justlevine justlevine merged commit 8f249b6 into main Apr 20, 2026
47 of 48 checks passed
@justlevine justlevine deleted the dependabot/composer/plugins/wp-graphql/composer/composer-2.2.27 branch April 20, 2026 15:10
This was referenced Apr 20, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justlevine justlevine justlevine approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@justlevine